Clever vibrational hack turns iPhone into spyPhone

By Will Parker on October 19, 2011 in Computing & Electronics, News

Researchers at Georgia Tech have demonstrated how a smartphone accelerometer (the sensor that detects the phone’s orientation) can sense nearby computer keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. Georgia Tech’s Patrick Traynor (pictured) is presenting his team’s work this week at the 18th ACM Conference on Computer and Communications Security in Chicago.

“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” explained Traynor. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”

The hack works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, according to Traynor). It models “keyboard events” in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart.

After the software has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard). Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.

“The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors,” explained co-researcher Henry Carter. “Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening.”

Traynor warned that the danger in this sort of attack stemmed from the fact that the phone’s accelerometer was able to be accessed by applications without user approval. “Phone operating systems won’t give new applications access to most built-in sensors, including the microphone. Accelerometers, however, aren’t protected in this way.”

But Traynor says that smartphone users shouldn’t be too paranoid that hackers are tracking their computer keystrokes. “Since the study found an effective range of just three inches from a keyboard, phone users can simply leave their phones in their purses or pockets, or just move them further away from the keyboard. The likelihood of someone falling victim to an attack like this right now is pretty low. This was really hard to do. But could people do it if they really wanted to? We think yes.”